The following Fedora EPEL 6 Security updates need testing:
Age URL
496
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3....
15
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11198/filezilla-...
15
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11187/libzrtpcpp...
15
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11195/chrony-1.2...
14
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11250/Django14-1...
14
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11245/python-vir...
14
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11257/drupal7-en...
11
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11274/ssmtp-2.61...
9
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11301/drupal7-th...
7
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11327/php-pear-A...
7
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11330/ngircd-20....
5
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11311/roundcubem...
5
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11339/lighttpd-1...
0
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11393/nagios-3.5...
0
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11395/cacti-0.8....
The following builds have been pushed to Fedora EPEL 6 updates-testing
cacti-0.8.8b-2.el6
check-mk-1.2.2p2-1.el6
nagios-3.5.1-1.el6
Details about builds:
================================================================================
cacti-0.8.8b-2.el6 (FEDORA-EPEL-2013-11395)
An rrd based graphing tool
--------------------------------------------------------------------------------
Update Information:
This update fixes two cross-site scripting issues and one SQL injection issue in the
latest version of Cacti.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Aug 26 2013 Ken Dreyer <ktdreyer(a)ktdreyer.org> - 0.8.8b-2
- Patch for CVE-2013-5588 and CVE-2013-5589 (BZ #1000860)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1000860 - CVE-2013-5588 CVE-2013-5589 cacti: XSS and SQL injection flaws
https://bugzilla.redhat.com/show_bug.cgi?id=1000860
--------------------------------------------------------------------------------
================================================================================
check-mk-1.2.2p2-1.el6 (FEDORA-EPEL-2013-11394)
A new general purpose Nagios-plugin for retrieving data
--------------------------------------------------------------------------------
Update Information:
New upstream release and several bug fixes.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Aug 31 2013 Andrea Veri <averi(a)fedoraproject.org> - 1.2.2p2-1
- New upstream release.
* Thu Aug 29 2013 Andrea Veri <averi(a)fedoraproject.org> - 1.2.2-5
- Make sure the waitmax binary gets built. Also thanks to John Reddy
for his initial work on this. (BZ: #982769)
- Add an if statement for RHEL and make sure auto provides are not set
automatically. (BZ #985285)
- Requires set to mod_python on RHEL, no mod_wsgi migration yet on EPEL. (BZ: #987852)
- Fix the perl command that was doing the needed substitution on the
/usr/bin/check_mk_agent's configuration directories. Thanks Brainslug for the
report. (BZ: #989793)
- In addition to a customized 'defaults' file, add a defaults.py accordingly. (BZ:
#987859)
* Sun Apr 28 2013 Andrea Veri <averi(a)fedoraproject.org> 1.2.2-4.el6
- Make sure the Nagios library path on the check_mk_templates.cfg file
is correct on both x86_64 and i686 systems.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #982769 - check-mk-agent missing waitmax
https://bugzilla.redhat.com/show_bug.cgi?id=982769
[ 2 ] Bug #985285 - check-mk-docs claims to provide perl(Module::Install), masking the
one from perl-Module-Install
https://bugzilla.redhat.com/show_bug.cgi?id=985285
[ 3 ] Bug #989793 - check-mk-agent has wrong hardcoded config/lib directories
https://bugzilla.redhat.com/show_bug.cgi?id=989793
[ 4 ] Bug #987859 - check-mk-multisite package has user "mockbuild" in the
defaults.py
https://bugzilla.redhat.com/show_bug.cgi?id=987859
[ 5 ] Bug #987852 - check-mk-multisite package should have mod_python as a requirement
https://bugzilla.redhat.com/show_bug.cgi?id=987852
--------------------------------------------------------------------------------
================================================================================
nagios-3.5.1-1.el6 (FEDORA-EPEL-2013-11393)
Nagios monitors hosts and services and yells if somethings breaks
--------------------------------------------------------------------------------
Update Information:
Update to 3.5.1
Insecure temporary file usage in nagios.upgrade_to_v3.sh (#958294); Init script overwrites
pid file unnecessarily (#983129)
--------------------------------------------------------------------------------
ChangeLog:
* Fri Aug 30 2013 Jose Pedro Oliveira <jpo at di.uminho.pt> - 3.5.1-1
- update to 3.5.1
- drop patch nagios-3.4.3-spaces-to-plus-signs.patch (upstream bug #407)
* Thu Aug 29 2013 Jose Pedro Oliveira <jpo at di.uminho.pt> - 3.5.0-2
- Insecure temporary file usage in nagios.upgrade_to_v3.sh (#958294)
- Init script overwrites pid file unnecessarily (#983129)
- Corrected bogus dates
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #958015 - CVE-2013-2029 Nagios core: Insecure temporary file usage in
nagios.upgrade_to_v3.sh
https://bugzilla.redhat.com/show_bug.cgi?id=958015
--------------------------------------------------------------------------------